<?php
include_once(realpath(dirname(__FILE__))."/Dao.php");
include_once(realpath(dirname(__FILE__))."/../user.php");



class UserDao extends Dao {
    public function __construct() {
        parent::__construct();
    }

    public function getAllUsers() {
        die("Not implemented");
    }

    /* inserts a user
     * returns: on success: 1
     *          on error: 0
     */
    public function insert($user,$pw) {
	$id = $user->getStudentId();
	$lastname = $user->getLastName();
        $firstname = $user->getFirstName();
	$username = $user->getUserName();

        $sql = <<<SQL
INSERT INTO account VALUES
('$id'
,'$firstname'
,'$lastname'
,'$pw'
,'$username'
,'no@email.com')
SQL;
        $result = mysql_query($sql, $this->m_cx);
        return $result;
    }

    /* delete a user
     * returns: on success: 1
     *          on error: 0
     */
    public function remove($user) {
         $student_id = $user->getStudentId();
         $sql = "DELETE FROM account WHERE uwid = '$student_id'";
         $result = mysql_query($sql, $this->m_cx);
	 return $result;
    }

    /* update a user
     * returns: on success: 1
     *          on error: 0
     */
    public function update($user) {
    //TODO This fct isn't unit-tested.

         $sql = <<<SQL
UPDATE account SET
 familyname = $user->getLastName()
,givenname = $user->getFirstName()
,password = $user->getPasswordHash()
SQL;
        $result = mysql_query($sql, $this->m_cx);
        return $result;
    }

    /* look-up a user by userid
     * returns: on non-empty success: user object
     *          on empty success: 0
     *          on fail: -1
     */
    public function lookupByUserName($userid) {
         $sql = <<<SQL
SELECT givenname, familyname, uwid, username  
FROM account WHERE username='$userid'
SQL;
        $result = mysql_query($sql, $this->m_cx);
	if( !$result) die( mysql_error() );
	$r = mysql_fetch_assoc($result);
	if($r) {
            return new 
	        user( $r['givenname'], $r['familyname']
		    , $r['uwid'], $r['username'] );
	} else {
	    return 0;
	}
    }

    /* look up a uwid given a username
     * inputs: 
     *         $uwid - username of the team member to add
     * returns: on success: uwid of user
     *          on sql error: 0
     *          on NO SUCH USER: -1
     */
    public function lookupUwIdForUserName($username) {
        /* look-up uwid of username */
        $sql = <<<SQL
SELECT uwid FROM account
WHERE username = '$username'
SQL;
        $result = mysql_query($sql, $this->m_cx);
	if( !$result ) {
            echo "addTeammateByUsername: failed to lookup username: ".mysql_error();
            return 0;
        }
        $r = mysql_fetch_assoc($result);
	if( !$r ) {
	    //empty result set
	    return -1;
	} else {
	    //result found
	    return $r['uwid'];
	}

    }

    /* look-up a user by uwid 
     * returns: on success: user object
     *          on error: 0
     */
    public function lookupByUwId($uwid) {
         $sql = <<<SQL
SELECT givenname, familyname, uwid, username  
FROM account WHERE uwid='$uwid'
SQL;
        $result = mysql_query($sql, $this->m_cx);
	$r = mysql_fetch_assoc($result);
	if($r) {
            return new 
	        user( $r['givenname'], $r['familyname']
		    , $r['uwid'], $r['username'] );
	} else {
	    return 0;
	}
    }
    
    public function auth($userName, $input_pw) {
    	$sql = <<<SQL
SELECT password
FROM account WHERE username='$userName'
SQL;
    	$result = mysql_query($sql, $this->m_cx);
    	$r = mysql_fetch_assoc($result);
    	if($r) {
    		if( $r['password']==$input_pw) return true;
    	} else {
    		return false;
    	}
    }
    
    

    /* look-up a user by name
     * returns: on success: user object
     *          on error: 0
     */
    /*public function lookupByName($familyname, $givenname) {
         $sql = <<<SQL
SELECT * FROM account WHERE familyname=$familyname AND givenname=$givenname
SQL;
        $result = mysql_query($sql, $this->m_cx);
        return new user( first, last, id, username );
    }
    */
}//class
?>
